#!/bin/sh
# Start/stop/restart snort

# This tell snort which interface to listen on (any for every interface)
IFACE=${IFACE:-any}

# Make sure this matches your IFACE
PIDFILE=/var/run/snort_$IFACE.pid

# You probably don't want to change this, but in case you do
LOGDIR="/var/log/snort"

# Probably not this either
CONF=/etc/snort/snort.conf

# Start snort:
snort_start() {
  CMDLINE="/usr/bin/snort -d -D -i $IFACE"
  echo -n "Starting Snort daemon:  $CMDLINE"
  $CMDLINE --pid-path /var/run --create-pidfile -l $LOGDIR -c $CONF
  echo
}

# Stop snort:
snort_stop() {
  echo -n "Stopping Snort daemon ($IFACE)..."
  kill $(cat $PIDFILE)
  echo
  sleep 1
  rm -f $PIDFILE
}

# Restart snort:
snort_restart() {
  snort_stop
  sleep 1
  snort_start
}

case "$1" in
'start')
  snort_start
  ;;
'stop')
  snort_stop
  ;;
'restart')
  snort_restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac